reCAPTCHA: What it is and How it Protects You and Your Client Data

Every tax professional is a potential target for highly sophisticated, well-funded and technologically adept cybercriminals around the world.

No one can fight this crime alone. It takes all of us working together. That is why the Security Summit – the unprecedented partnership between the IRS, state tax agencies, and the private-sector tax industry – came together to form a united and coordinated front against this common enemy.

One of the changes for TaxAct® 2018 Professional includes a requirement for “bot protection,” meaning preventing an automated way of trying several username/password combinations to find ones that are valid. Bot protection is the first step to ensure your Practice and client information is not compromised. TaxAct has chosen to use Google reCAPTCHA to fulfill the bot-protection requirement, as it’s the industry gold standard.

What is reCAPTCHA?

Google reCAPTCHA comes in many forms you may be familiar with seeing on various websites. A previous version included having to read distorted text and type it into a box. There is also the check box to prove “I’m not a robot.” What we’ve chosen to implement as part of our TaxAct Professional sign-in process is called “no CAPTCHA reCAPTCHA.” In this version, Google will score every interaction of our sign-in based on Google’s undisclosed algorithm to determine whether it’s necessary to present a reCAPTCHA challenge. Most of our users will be able to sign in with no additional reCAPTCHA challenge. However, in some cases, you will be asked to select images prior to signing in.

Unfortunately, because reCAPTCHA is a Google service, TaxAct does not have any control over which images are used or the quality and clarity of those images.

How is this different than verification codes?

When signing in, you may also be asked to enter a verification code. This requirement does not protect against bots like reCAPTCHA, but adds a level of 2-factor authentication – something you know and access to something, i.e. email or mobile phone – to help protect your account from identity theft. To minimize the number of times you’re asked to enter a verification code, you can check the box to “Remember me,” which will set your current device as a trusted device. You also have the ability to manage your trusted devices in your account.